commit
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes various git shell commands ('git status', 'git fetch', 'git log', 'git switch', 'git diff', 'git add', 'git commit') to manage repository state and perform commits. These commands are necessary for the skill's primary functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes data from external sources (file contents) via 'git diff' and 'git diff --staged'. Instructions hidden within the code being committed could potentially influence the agent's subsequent actions or the content of the commit messages.
  - Ingestion points: Outputs of 'git diff' and 'git diff --staged' referenced in SKILL.md.
  - Boundary markers: None identified to isolate untrusted data from the agent's instructions.
  - Capability inventory: Execution of local git commands and user interaction via 'AskUserQuestion'.
  - Sanitization: No sanitization or filtering of diff content is specified.